Disk utilization for Archive and Analytic logs

You can specify how much of the total available FortiAnalyzer disk space to use for log storage. You can specify what ratio of the allotted storage space to use for logs that are indexed in the SQL database and for logs that are stored in a compressed format on the FortiAnalyzer disks. Then you can monitor how quickly device logs are filling up the allotted disk space.

Analytic logs indexed in the SQL database require more disk space than Archive logs (purged from the SQL database but remain compressed on the FortiAnalyzer disks).

An average Analytic log is 600 bytes, and an average Archive log is 80 bytes. By default, after seven days Analytic logs are compressed and are an average of 150 bytes.

Keep this difference in mind when specifying the storage ratio for Analytics and Archive logs.

When ADOMs are enabled, you can specify settings for each ADOM and the settings apply to all devices in that ADOM. When ADOMs are disabled, settings apply to all managed devices. See Log storage information.